The optional Security Mode feature set is a password system that restricts access to user data stored on a device. The system has two passwords, User and Master, and two security levels, High and Maximum. The security system is enabled by sending a user password to the device with the SECURITY SET PASSWORD command. When the security system is enabled, access to user data on the device is denied after a power cycle until the User password is sent to the device with the SECURITY UNLOCK command. A Master password may be set in addition to the User password. The purpose of the Master password is to allow an administrator to establish a password that is kept secret from the user, and which may be used to unlock the device if the User password is lost. Setting the Master password does not enable the password system.
The security level is set to High or Maximum with the SECURITY SET PASSWORD command. The security level determines device behavior when the Master password is used to unlock the device. When the security level is set to High the device requires the SECURITY UNLOCK command and the Master password to unlock. When the security level is set to Maximum the device requires a SECURITY ERASE PREPARE command and a SECURITY ERASE UNIT command with the Master password to unlock. Execution of the SECURITY ERASE UNIT command erases all user data on the device.
The SECURITY FREEZE LOCK command prevents changes to passwords until a following power cycle. The purpose of the SECURITY FREEZE LOCK command is to prevent password setting attacks on the security system.
A device that implements the Security Mode feature set shall implement the following minimum set of commands:
− SECURITY SET PASSWORD
− SECURITY UNLOCK
− SECURITY ERASE PREPARE
− SECURITY ERASE UNIT
− SECURITY FREEZE LOCK
− SECURITY DISABLE PASSWORD
Support of the Security Mode feature set is indicated in IDENTIFY DEVICE data word 82 and data word 128.
Security mode initial setting
When the device is shipped by the manufacturer, the state of the Security Mode feature shall be disabled. The initial Master password value is not defined by this standard. If the Master Password Revision Code feature is supported, the Master Password Revision Code shall be set to FFFEh by the manufacturer.
User password lost
If the User password sent to the device with the SECURITY UNLOCK command does not match the user password previously set with the SECURITY SET PASSWORD command, the device shall not allow the user to access data. If the Security Level was set to High during the last SECURITY SET PASSWORD command, the device shall unlock if the Master password is received. If the Security Level was set to Maximum during the last SECURITY SET PASSWORD command, the device shall not unlock if the Master password is received. The SECURITY ERASE UNIT command shall erase all user data and unlock the device if the Master password matches the last Master password previously set with the SECURITY SET PASSWORD command.
Attempt limit for SECURITY UNLOCK command
The device shall have an attempt limit counter. The purpose of this counter is to defeat repeated trial attacks. After each failed User or Master password SECURITY UNLOCK command, the counter is decremented. When the counter value reaches zero the EXPIRE bit (bit 4) of IDENTIFY DEVICE data word 128 is set to one, and the SECURITY UNLOCK and SECURITY ERASE UNIT commands are command aborted until the device is powered off or hardware reset. The EXPIRE bit shall be cleared to zero after power-on or hardware reset. The counter shall be set to five after a power-on or hardware reset.
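As an added example, not text from the standard, the following Python model walks through the Security Mode state machine described above: set/unlock/erase/freeze, the High and Maximum level rules for the Master password, and the five-attempt counter with its EXPIRE bit. Class, method and field names are mine; the two behaviours commented "full standard" (frozen mode also blocking erase, SECURITY ERASE UNIT clearing the User password) come from the broader standard rather than this excerpt, and the stored data is a constructed sample.

```python
from dataclasses import dataclass

@dataclass
class SecurityDevice:
    user_pw: "bytes | None" = None
    master_pw: "bytes | None" = None   # initial value not defined by the standard
    maximum: bool = False        # security level: False = High, True = Maximum
    enabled: bool = False        # set by a User-password SECURITY SET PASSWORD
    locked: bool = False
    frozen: bool = False         # SECURITY FREEZE LOCK; cleared by power cycle
    attempts: int = 5            # attempt counter; 0 means EXPIRE (word 128 bit 4) is set
    erase_prepared: bool = False
    data: bytes = b"user data"   # constructed sample content

    def power_cycle(self) -> None:
        self.frozen = self.erase_prepared = False
        self.attempts = 5            # counter refilled, EXPIRE cleared
        self.locked = self.enabled   # an enabled device comes up locked

    def set_password(self, pw: bytes, master=False, maximum=False) -> bool:
        if self.frozen or self.locked:
            return False             # command aborted
        if master:
            self.master_pw = pw      # Master alone does not enable the system
        else:
            self.user_pw, self.maximum, self.enabled = pw, maximum, True
        return True

    def unlock(self, pw: bytes, master=False) -> bool:
        if self.attempts == 0 or not self.locked:
            return self.attempts > 0  # aborted once expired; no-op if already unlocked
        # Maximum level: the Master password cannot unlock, only ERASE UNIT accepts it
        ok = (not self.maximum and pw == self.master_pw) if master else pw == self.user_pw
        self.locked = not ok
        self.attempts -= 0 if ok else 1  # every failed User or Master attempt counts
        return ok

    def erase_prepare(self) -> None:
        self.erase_prepared = not self.frozen  # frozen also blocks erase (full standard)

    def erase_unit(self, pw: bytes, master=False) -> bool:
        prepared, self.erase_prepared = self.erase_prepared, False  # PREPARE must come first
        if self.attempts == 0 or not prepared or pw != (self.master_pw if master else self.user_pw):
            return False             # aborted; Master works at either level, only UNLOCK failures count
        self.data = bytes(len(self.data))                # all user data erased
        self.user_pw, self.locked, self.enabled = None, False, False  # unlocked, User pw cleared (full standard)
        return True

    def freeze_lock(self) -> None:
        self.frozen = True           # no password changes until the next power cycle
```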